by kevinmannix 3392 days ago
What are the security concerns? What are you doing to protect user data? One of the biggest drawbacks to Mint I've encountered from friends is that they don't feel that the account data they provide is safe, or that it has a large possibility of being exposed - this has led many of my peers to not use Mint (personally, I've been using Mint for 3+ years).

That being said, very willing to try this. Personal finance should be a priority for all! Congrats on the launch.

2 comments

To add on to this, even with the reticence many of us approach Mint with, it has the reputation of Intuit behind it. What can you say to alleviate these fears?

(directed at Penny)

You forget that Mint was pretty successful prior to the Intuit acquisition. Their messaging was validated prior to launch, and it seems like Penny App took a page from that messaging with the use of "bank-grade security".

[1] https://blog.kissmetrics.com/how-mint-grew/

Privacy and security are really big priorities for us, so we do our best to address those concerns whenever we can. As far as personal info is concerned, we store the minimum possible info (first name and email, no address, DOB, etc). And we use a popular service called Plaid to do the transaction retrieval, so we never store sensitive credentials. Plaid actually powers many, many other financial services, so they're quickly building a great reputation themselves.

The other aspect is that banks are really good at physical security, but not so great at data security. Consider the recent Chase breaches, where a ton of sensitive data was leaked—you're obviously placing a lot of trust on Intuit or Plaid whenever you use Mint or Penny, but at least they're modern technology companies that probably hold themselves to higher data security standards than your bank.

> The other aspect is that banks are really good at physical security, but not so great at data security [..snip...] but at least they're modern technology companies that probably hold themselves to higher data security standards than your bank.

Except this doesn't actually improve your banks' security at all, it's only adding another (attractive and high-value) attack surface in addition to any potential vulnerabilities that your financial providers may have.

Maybe the friction would be too much for most users, but I'd be way more likely to try something like this if there was an option to handle the data myself with an export/import process from my financial providers and not have any account credentials shared at all.

I'm surprised your friends feel that way, because I was the exact opposite! I was wary of using Mint until I found out it was by Intuit, which I trust far more.

Intuit bought Mint, and the whole thing is built on top of Yodlee. http://yodlee.com/

Was built on top of Yodlee. Mint transitioned to Intuit's own scraper after they were acquired.